Home
last modified time | relevance | path

Searched refs:DANE (Results 1 – 25 of 44) sorted by relevance

12

/freebsd/crypto/openssl/doc/man3/
H A DSSL_CTX_dane_enable.pod9 - enable DANE TLS authentication of the remote TLS server in the local
33 These functions implement support for DANE TLSA (RFC6698 and RFC7671)
37 required for DANE support.
39 per-connection DANE support as appropriate.
40 DANE authentication is implemented in the L<X509_verify_cert(3)> function, and
49 The B<mtype> argument specifies a DANE TLSA matching type and the B<md>
59 of the DANE TLSA parameter acronyms) is mapped to C<EVP_sha256()>
64 L<SSL_connect(3)> if (and only if) you want to enable DANE for that connection.
65 (The connection must be associated with a DANE-enabled SSL context).
89 If no TLSA records are added successfully, DANE authentication is not enabled,
[all …]
H A DSSL_get0_peer_rpk.pod23 SSL_add_expected_rpk() adds a DANE TLSA record matching public key B<rpk>
24 to SSL B<s>'s DANE validation policy.
59 When DANE is enabled via L<SSL_dane_enable(3)>, the configured TLSA records
61 If DANE is not enabled, then no validation will occur.
H A DSSL_set1_host.pod28 via SSL_set_hostflags(). Clients that enable DANE TLSA authentication
40 This function is required for DANE TLSA in the presence of service name indirection
67 of scope with the RFC 7671 DANE-EE(3) certificate usage, and the
68 internal check will be suppressed as appropriate when DANE is
79 applicable (as with RFC 7671 DANE-EE(3)), or no trusted peername was
H A DSSL_CTX_set_ct_validation_callback.pod85 validated via DANE-TA(2) or DANE-EE(3) TLSA records which use a private X.509
88 nor to have specified server verification via DANE-TA(2) or DANE-EE(3) TLSA
H A DX509_verify_cert.pod65 The raw public key can be authenticated only via DANE TLSA records, either
67 Raw public key DANE TLSA records may be added via L<SSL_add_expected_rpk(3)> or
H A DX509_check_host.pod139 checks may be out of scope with the DANE-EE(3) certificate usage,
141 DANE support is enabled.
H A DX509_STORE_CTX_get_error.pod396 =item B<X509_V_ERR_DANE_NO_MATCH: no matching DANE TLSA records>
398 DANE TLSA authentication is enabled, but no TLSA records matched the
467 No TLS records were configured to validate the raw public key, or DANE was not
H A DSSL_new.pod54 =item any DANE settings
/freebsd/contrib/sendmail/src/
H A Ddomain.c28 # if DANE
72 # if DANE
750 # if DANE
894 # if DANE
909 # if DANE
933 # if DANE
1069 # if DANE
1076 # if DANE
1114 # if DANE
1356 # if DANE
[all …]
H A Dtls.h49 #if DANE
238 # if DANE
284 # if DANE
H A Dsm_resolve.h49 #if DNSMAP || DANE
155 # if DANE
H A Ddeliver.c41 #if DANE
51 # if DANE
1713 # if DANE
1777 # if DANE
1958 #if DANE
2021 #if DANE
2556 #if DANE
2569 #if DANE
2623 #if DANE
2784 # if DANE
[all …]
H A Dstab.c22 #if DANE
201 #if DANE
419 #if DANE in rmexpstab()
H A Dsendmail.h44 # if _FFR_TLSA_DANE && !defined(DANE)
45 # define DANE _FFR_TLSA_DANE macro
48 # if DANE
194 # if DANE
225 # if DANE
379 #if DANE
602 #if DANE
1769 #if DANE
1806 #if DANE
1838 #if DANE
[all …]
H A Dtls.c32 # if DANE && OPENSSL_VERSION_NUMBER == 0x30200000L
33 # error OpenSSL 3.2.0 has a bug related to DANE
1815 # if DANE
1950 # if DANE
2057 # if DANE
2150 # if DANE
2162 # if DANE
2477 # if DANE
2840 # if DANE
2851 # if DANE
H A DTRACEFLAGS80 #if DANE
116 90,>99 tls.c deliver.c Simulate error for OpenSSL functions related to DANE
H A Dtlsh.c60 # if DANE
H A Ddaemon.c32 # if DANE
2137 #if DANE in makeconnection()
2146 #if DANE
2169 #if DANE
2172 #if DANE && NETINET6
2178 #if DANE
2391 #if DANE
/freebsd/crypto/openssl/test/
H A Ddanetest.in49 ## -- Anonymous and "never valid" leaf certificate DANE-EE(3) tests
201 ## -- DANE-?? chain tests --
1510 # DANE-EE(3) beats DANE-TA(2)
1559 # DANE-TA(2) depth 1 beats DANE-TA(2) depth 2
1608 # DANE-TA(2) depth 2 beats PKIX-TA(0) depth 1
1657 # DANE-TA(2) depth 2 beats PKIX-EE depth 0
1706 # DANE-TA(2) Full(0) root "from DNS":
1740 # DANE-TA(2) Full(0) intermediate "from DNS":
1760 # DANE-TA(2) SPKI(1) Full(0) intermediate "from DNS":
1780 # DANE-TA(2) SPKI(1) Full(0) root "from DNS":
[all …]
/freebsd/contrib/ldns/
H A Dconfigure.ac616 AC_ARG_ENABLE(dane, AC_HELP_STRING([--disable-dane], [Disable DANE support]))
617 AC_ARG_ENABLE(dane-verify, AC_HELP_STRING([--disable-dane-verify], [Disable DANE verify support]))
618 AC_ARG_ENABLE(dane-ta-usage, AC_HELP_STRING([--disable-dane-ta-usage], [Disable DANE-TA usage type …
643 AC_MSG_ERROR([DANE enabled, but no SSL support])
645 …AC_CHECK_FUNC(X509_check_ca, [], [AC_MSG_ERROR([OpenSSL does not support DANE: please upgrade Open…
647 AC_DEFINE_UNQUOTED([USE_DANE], [1], [Define this to enable DANE support.])
655 AC_DEFINE_UNQUOTED([USE_DANE_VERIFY], [1], [Define this to enable DANE verify support.])
663 …ane, [], [AC_MSG_ERROR([OpenSSL does not support offline DANE verification (Needed for the DANE-TA…
667 … AC_DEFINE_UNQUOTED([USE_DANE_TA_USAGE], [1], [Define this to enable DANE-TA usage type support.])
H A DREADME25 - OpenSSL >= 0.9.7f for DANE support
/freebsd/contrib/ldns/ldns/
H A Dconfig.h.in415 /* Define this to enable DANE support. */
418 /* Define this to enable DANE-TA usage type support. */
421 /* Define this to enable DANE verify support. */
/freebsd/contrib/sendmail/cf/cf/
H A Dsubmit.cf552 # enable DANE?
553 #O DANE=false
1263 R$* $| DANE_NOTLS $#error $@ 4.7.0 $: "454 DANE: missing STARTTLS."
1264 R$* $| DANE_TEMP $#error $@ 4.7.0 $: "454 DANE check failed temporarily."
1265 R$* $| DANE_FAIL $#error $@ 4.7.0 $: "454 DANE check failed."
/freebsd/contrib/sendmail/cf/m4/
H A Dproto.m4217 # flag d: turn off DANE
714 # enable DANE?
715 _OPTION(DANE, `confDANE', `false')
2815 define(`DANE_MSG', `DANE check failed.')dnl
2816 define(`DANE_TEMP_MSG', `DANE check failed temporarily.')dnl
2817 define(`DANE_NOTLS_MSG', `DANE: missing STARTTLS.')dnl
2853 dnl note: this allows to disable DANE per RCPT.
2974 dnl # deal with DANE errors: abort
2978 dnl # deal with DANE tempfail: abort
3149 dnl <DANE>: enabled
[all …]
/freebsd/crypto/openssl/doc/man1/
H A Dopenssl-s_client.pod.in356 Enable RFC6698/RFC7671 DANE TLSA authentication and specify the
362 When DANE authentication succeeds, the diagnostic output will include
372 Use one or more times to specify the RRDATA fields of the DANE TLSA
389 DANE TLSA 2 1 1 ...ee12d2cc90180517616e8a18 matched TA certificate at depth 1
394 This disables server name checks when authenticating via DANE-EE(3) TLSA
403 DANE-EE(3) TLSA records, and can be disabled in applications where it is safe

12